Upstream information
Description
An authentication bypass vulnerability was discovered in kube-apiserver. Exploitation requires a remote, authenticated attacker who has been given the "update, patch" permissions on the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod.
SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having critical severity.
National Vulnerability Database | |
---|---|
Base Score | 8 |
Vector | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
Attack Vector | Network |
Attack Complexity | High |
Privileges Required | High |
User Interaction | None |
Scope | Changed |
Confidentiality Impact | High |
Integrity Impact | High |
Availability Impact | High |
CVSSv3 Version | 3.1 |
Note from the SUSE Security Team
This CVE affects only Red Hat OpenShift implementations, but not Rancher Kubernetes Engine (RKE) or k3s.
No SUSE Bugzilla entries cross referenced.
No SUSE Security Announcements cross referenced.
SUSE Timeline for this CVE
CVE page created: Wed Apr 5 00:00:13 2023
CVE page last modified: Mon May 6 16:36:04 2024
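To check the precondition named in the description (roles granting "update" or "patch" on "pods/ephemeralcontainers"), the following added example, which is not code from SUSE or from the upstream project, audits RBAC role objects using Kubernetes' resource-matching rules. The role names, namespaces and sample data are constructed for illustration.

```python
# Audit RBAC roles for update/patch on pods/ephemeralcontainers.
TARGET_RESOURCE, TARGET_SUB = "pods", "ephemeralcontainers"
RISKY_VERBS = {"update", "patch"}

def rule_grants(rule):
    """Return the risky verbs one RBAC rule grants on the subresource."""
    groups = rule.get("apiGroups") or []
    if "" not in groups and "*" not in groups:   # pods live in the core ("") group
        return set()
    # RBAC resource matching: "*", exact "pods/ephemeralcontainers", or "*/ephemeralcontainers"
    wanted = {"*", f"{TARGET_RESOURCE}/{TARGET_SUB}", f"*/{TARGET_SUB}"}
    if not wanted & set(rule.get("resources") or []):
        return set()
    verbs = set(rule.get("verbs") or [])
    return set(RISKY_VERBS) if "*" in verbs else verbs & RISKY_VERBS

def audit(role_list):
    """Return (kind, namespace, name, verbs) for every role granting a risky verb."""
    findings = []
    for item in role_list.get("items", []):
        granted = set()
        for rule in item.get("rules") or []:      # rules may be null or absent
            granted |= rule_grants(rule)
        if granted:
            meta = item.get("metadata", {})
            findings.append((item.get("kind"), meta.get("namespace", ""),
                             meta.get("name"), sorted(granted)))
    return findings

def role(kind, name, ns, groups, resources, verbs):
    """Build a constructed Role/ClusterRole object for the sample below."""
    meta = {"name": name, **({"namespace": ns} if ns else {})}
    return {"kind": kind, "metadata": meta,
            "rules": [{"apiGroups": groups, "resources": resources, "verbs": verbs}]}

# Constructed sample, shaped like `kubectl get clusterroles,roles -A -o json` output.
SAMPLE = {"kind": "List", "items": [
    role("ClusterRole", "debug-tools", "", [""], ["pods/ephemeralcontainers"], ["get", "patch"]),
    role("Role", "wide-open", "team-a", ["*"], ["*"], ["*"]),
    role("Role", "sub-wild", "team-b", [""], ["*/ephemeralcontainers"], ["update"]),
    role("Role", "pod-editor", "team-b", [""], ["pods", "pods/log"], ["update", "patch"]),
    role("ClusterRole", "apps-only", "", ["apps"], ["*"], ["*"]),
]}

if __name__ == "__main__":
    for kind, ns, name, verbs in audit(SAMPLE):
        print(f"{kind} {ns + '/' if ns else ''}{name}: {','.join(verbs)}")
```

Wildcard roles such as cluster-admin will also be reported; cross-check each finding against its RoleBindings and ClusterRoleBindings to see which subjects actually hold the permission.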